Ian,
Thanks for that! I'll have a look-see and incorporate into CVS.
Cheers,
Berin
Ian Alderman wrote:
The attached diff makes the problem go away for my code and illustrates
what's happening. In line 1122 of XSECC14n20010315.cpp, m_formatBuffer
becomes zero length, so every attribute gets added to the sort list with
the same key, meaning that all attributes except the first in an element get
discarded in canonicalization.
See http://xml.apache.org/xerces-c/apiDocs/classDOMNode.html#z231_4
Perhaps this is why getLocalName is returning null? Maybe the code should
test, and use getNodeName if getLocalName returns null.
Hope this helps,
-Ian
On Mon, 19 Jul 2004, Ian Alderman wrote:
I was able to make some progress on debugging this.
Debugging by printing the SignedInfo bytes as they get hashed (in
TXFMSHA1.cpp), I was able to determine that these bytes are different
when they get signed than they are when they get verified (and so the
hash is also different). Specifically, if I use the following
stylesheet, some of the "select" attributes (which happen to be second
attributes) get discarded.
My stylesheet and code are here:
http://www.cs.wisc.edu/~alderman/xsec/
-Ian
It would appear that the transform is being applied correctly; the
digest is the same as is produced by the Java library, but the
signature is different (the Java library signature verifies).
------------------------------------------------------------------------
85 ferdinand ~/workspace/xml/src/xml-security/xml-security/c/src > cvs diff canon
? canon/Makefile
? canon/Makefile.in
? canon/XSECC14n20010315.cpp.ORIG
cvs server: Diffing canon
Index: canon/XSECC14n20010315.cpp
===================================================================
RCS file: /home/cvspublic/xml-security/c/src/canon/XSECC14n20010315.cpp,v
retrieving revision 1.15
diff -r1.15 XSECC14n20010315.cpp
1122c1122
< m_formatBuffer << (*mp_formatter <<
tmpAtts->item(i)->getLocalName());
---
m_formatBuffer << (*mp_formatter << tmpAtts->item(i)->getNodeName());
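Review bot: the new line 1122 calls getNodeName() unconditionally, so the key changes for every attribute, not only for those where getLocalName() returns null. For a prefixed attribute getNodeName() returns the qualified name (prefix:local), which makes the sort key depend on the prefix chosen by the document author. Suggest keeping getLocalName() and falling back to getNodeName() only when it returns null, as the message above proposes, with a short comment at that line noting that getLocalName() is null for nodes created with DOM Level 1 methods.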